Security Bulletin: Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier

Summary Langflow OSS affected by vulnerabilies in Lodash versions 4.17.23 and earlier Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in lodash and lodash-es (CVE-2026-2950, CVE-2026-4800)

Summary Multiple vulnerabilities in the lodash and lodash-es utility libraries CVE-2026-2950, CVE-2026-4800 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the components to version 4.18.0. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions...

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-372_137_1, kpatch-patch-4_18_0-372_145_1, kpatch-patch-4_18_0-372_158_1, kpatch-patch-4_18_0-372_170_1, and kpatch-patch-4_18_0-372_181_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

MiracleLinux 8 : kernel-4.18.0-553.123.1.el8_10 (AXSA:2026-612:33)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-612:33 advisory. kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpae...

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_124_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 (RHSA-2026:15976)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15976 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

Advisory ROSA-SA-2026-3261

Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.123.1.el810 affected versions lock, allowing a local attacker to cause a denial of service or execute arbitrary code when frequently switching a thread simultaneously with opening/closing a related subt...

Security Bulletin: There is a vulnerability in lodash-4.17.23.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-2950)

Summary There is a vulnerability in lodash-4.17.23.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-1346...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

MiracleLinux 8 : kernel-4.18.0-553.120.1.el8_10 (AXSA:2026-499:28)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-499:28 advisory. kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: ALSA: aloop: Fix racy access at PCM trigger CVE-2026-23191 Tenable h...

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

PT-2026-33516

Name of the Vulnerable Software and Affected Versions Auth0 Next.js SDK versions 4.12.0 through 4.17.1 Description Simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for token request results. This occurs when projects use the proxy...

Linux Distros Unpatched Vulnerability : CVE-2026-2950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...

lodash vulnerable to Code Injection via `_.template` imports key names

Impact The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes untrusted input as options.imports key names, an attacker...

EUVD-2026-17591

lodash vulnerable to Prototype Pollution via array path bypass in .unset and .omit...

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

DEBIAN-CVE-2026-4800

Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

DEBIAN-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...